Microsoft Word C055792e pour mise en page et sommaire doc Reference number ISO 16175 3 2010(E) © ISO 2010 INTERNATIONAL STANDARD ISO 16175 3 First edition 2010 12 01 Information and documentation — Pr[.]
INTERNATIONAL STANDARD ISO 16175-3 First edition 2010-12-01 Information and documentation — Principles and functional requirements for records in electronic office environments — Part 3: Guidelines and functional requirements for records in business systems Information et documentation — Principes et exigences fonctionnelles pour les enregistrements dans les environnements électroniques de bureau — `,,```,,,,````-`-`,,`,,`,`,,` - Partie 3: Lignes directrices et exigences fonctionnelles pour les enregistrements dans les systèmes d'entreprise Reference number ISO 16175-3:2010(E) Copyright International Organization for Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS © ISO 2010 Not for Resale ISO 16175-3:2010(E) PDF disclaimer This PDF file may contain embedded typefaces In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy The ISO Central Secretariat accepts no liability in this area Adobe is a trademark of Adobe Systems Incorporated Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing Every care has been taken to ensure that the file is suitable for use by ISO member bodies In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below `,,```,,,,````-`-`,,`,,`,`,,` - COPYRIGHT PROTECTED DOCUMENT © ISO 2010 All rights reserved Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester ISO copyright office Case postale 56 • CH-1211 Geneva 20 Tel + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyright@iso.org Web www.iso.org Published in Switzerland ii Copyright International Organization for Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS © ISO 2010 – All rights reserved Not for Resale ISO 16175-3:2010(E) Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies) The work of preparing International Standards is normally carried out through ISO technical committees Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization The main task of technical committees is to prepare International Standards Draft International Standards adopted by the technical committees are circulated to the member bodies for voting Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote ISO 16175-3 was prepared by the International Council on Archives (as International Council on Archives and the Australasian Digital Recordkeeping Initiative Principles and Functional Requirements for Records in Electronic Office Environments — Module 1: Overview and Statement of Principles) and was adopted, under a special “fast-track procedure”, by Technical Committee ISO/TC 46, Information and documentation, Subcommittee SC 11, Archives/records management, in parallel with its approval by the ISO member bodies ISO 16175 consists of the following parts, under the general title Information and documentation — Principles and functional requirements for records in electronic office environments: ⎯ Part 1: Overview and statement of principles ⎯ Part 2: Guidelines and functional requirements for records in electronic office environments `,,```,,,,````-`-`,,`,,`,`,,` - ⎯ Part 3: Guidelines and functional requirements for records in business systems © ISO for 2010 – All rights reserved Copyright International Organization Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS iii Not for Resale ISO 16175-3:2010(E) Blank page `,,```,,,,````-`-`,,`,,`,`,,` - iv Copyright International Organization for Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS © ISO 2010 – All rights reserved Not for Resale ISO 16175-3:2010(E) International Council on Archives ` Principles and functional requirements for records in digital office environments Module Guidelines and functional requirements for records in `,,```,,,,````-`-`,,`,,`,`,,` - business systems Copyright International Organization for Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS v © ISO 2010 – All rights reserved Not for Resale ISO 16175-3:2010(E) Published by the International Council on Archives This module was developed by the National Archives of Australia and Queensland State Archives in conjunction with a joint project team formed by members of the International Council on Archives and the Australasian Digital Recordkeeping Initiative © International Council on Archives 2008 ISBN: 978-2-918004-02-8 Reproduction by translation or reprinting of the whole or of parts for non-commercial purposes is allowed on condition that due acknowledgement is made This publication should be cited as: International Council on Archives, Principles and Functional Requirements for Records in Digital Office Environments – Module 3: Guidelines and Functional Requirements for Records in Business Systems, 2008, published at www.ica.org vi `,,```,,,,````-`-`,,`,,`,`,,` - Copyright International Organization for Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS © ISO 2010 – All rights reserved Not for Resale ISO 16175-3:2010(E) International Council on Archives Records in Business Systems INTRODUCTION 1.1 Scope and purpose 1.2 Audience 1.3 Related standards 1.4 Terminology 1.5 Structure 1 3 GUIDELINES 2.1 Why is it important to have evidence of business processes and activities? 2.2 The business systems landscape and records 2.3 Determining needs for evidence of events, transactions and decisions in business systems 2.3.1 Analyse the work process 2.3.2 Identify requirements for evidence of the business 2.3.3 Identify the content and its associated management information that record this evidence 2.3.4 Identify linkages and dependencies 2.3.5 Devise strategies to address core records processes based on an options assessment 2.3.6 Risk and options assessment 2.3.7 Implementation 2.4 Using the functional requirements 2.4.1 Key outcomes 2.4.2 Developing a software design specification for a business system with records management functionality 2.4.3 Reviewing, assessing and auditing existing business systems 2.4.4 Undertaking the review process 2.5 Entity relationship models 2.5.1 Record categories and the records classification scheme 2.5.2 Aggregations of digital records 2.5.3 Digital records 2.5.4 Extracts 2.5.5 Components FUNCTIONAL REQUIREMENTS 3.1 Creating records in context 3.1.1 Creating a fixed record 3.1.2 Record metadata 3.1.3 Managing of aggregations of digital records 3.1.4 Records classification 7 15 16 20 21 23 24 25 26 27 29 29 30 31 31 31 32 34 35 38 39 40 vii © ISO 2010 – All rights reserved Copyright International Organization for Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS `,,```,,,,````-`-`,,`,,`,`,,` - CONTENTS Not for Resale ISO 16175-3:2010(E) 3.2 3.3 3.4 Records in Business Systems Managing and maintaining records 3.2.1 Metadata configuration 3.2.2 Record reassignment, reclassification, duplication and extraction 3.2.3 Reporting on records 3.2.4 Online security processes Supporting import, export and interoperability 3.3.1 Import 3.3.2 Export Retaining and disposing of records as required 3.4.1 Compliance with disposition authorisation regimes 3.4.2 Disposition application 3.4.3 Review 3.4.4 Destruction 3.4.5 Disposition metadata 3.4.6 Reporting on disposition activity APPENDICES A Glossary B Integrating records considerations into the systems development life cycle Project initiation Requirements analysis Design Implementation Maintenance Review and evaluation C Further reading viii Copyright International Organization for Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS 40 42 43 44 44 47 48 48 49 50 52 54 55 55 56 58 58 67 67 68 68 69 69 70 71 © ISO 2010 – All rights reserved Not for Resale `,,```,,,,````-`-`,,`,,`,`,,` - International Council on Archives INTERNATIONAL STANDARD ISO 16175-3:2010(E) International Council on Archives Records in Business Systems INTRODUCTION Organisations implement business systems to automate business activities and transactions As a result, the digital information generated by a business system increasingly serves as the only evidence or record of the process, despite the system not being designed for this purpose Without evidence of these activities, organisations are exposed to risk and may be unable to meet legislative, accountability, business and community expectations Because of the dynamic and manipulable nature of business systems, the capture of fixed records and the ongoing management of their authenticity, reliability, usability and integrity can be challenging Organisations are therefore faced with a significant risk of mismanagement, inefficiency and unnecessary expenditure While these same organisations may have an electronic records management system (ERMS),1 it may not capture all records of the organisation This document is designed to address the records management gap caused by the increasing use of business systems It provides guidelines on identifying and addressing the needs for records, and a set of generic requirements for records management functionality within business systems software It aims to: • help organizations understand digital records management requirements; • assist organisations to improve digital records management practices; • reduce the duplication of effort and associated costs in identifying a minimum level of functionality for records in business systems; and • establish greater standardisation of records management requirements for software vendors The document does not prescribe a specific implementation approach The intent of these specifications can be realised through interfacing or integrating the business system with an electronic records management system or by building the functionality into the business system 1.1 Scope and purpose This document will help organisations to ensure that evidence (records) of business activities transacted through business systems are appropriately identified and managed Specifically, it will assist organisations to: • understand processes and requirements for identifying and managing records in business systems; An electronic records management system is a type of business system specifically designed to manage records However, in the interests of clarify and brevity, for the purpose of this document, ‘business system’ should be taken as excluding an electronic records management system `,,```,,,,````-`-`,,`,,`,`,,` - © ISO 2010 – All rights reserved Copyright International Organization for Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS Not for Resale ISO 16175-3:2010(E) International Council on Archives Records in Business Systems • develop requirements for functionality for records to be included in a design specification when building, upgrading or purchasing business system software; • evaluate the records management capability of proposed customised or commercial off-the-shelf business system software; and • review the functionality for records or assess compliance of existing business systems It does not provide a complete specification but rather outlines a number of key records management requirements, with recommended levels of obligation, which can be used as a starting point for further development As outlined in the document, organisations will still need to assess, amend and select their requirements based on their business, technical and jurisdictional environments and constraints `,,```,,,,````-`-`,,`,,`,`,,` - This Module only addresses records management requirements and does not include general system management Design requirements such as usability, reporting, searching, system administration and performance are beyond the scope of this document It also assumes a level of knowledge about developing design specifications, procurement and evaluation processes, therefore these related issues are not covered in any detail Requirements for the long-term preservation of digital records are not explicitly covered within this document However, the inclusion of requirements for export supports preservation by allowing the export of records to a system that is capable of long-term preservation activities, or for the ongoing migration of records into new systems While the guidance presented in this Module should be applicable to records management in highly integrated software environments based on service-oriented architectures, such scenarios are not explicitly addressed Similar principles and processes will apply in such environments, but additional analysis will be required to determine what processes and data constitute, across multiple systems, the required evidence or record of any particular transaction Use of the term ’system’ in this document refers to a computer or IT system This is in contrast to the records management understanding of the term that encompasses the broader aspects of people, policies, procedures and practices Organisations will need to consider these wider aspects, and to ensure that fundamental records management supporting tools such as disposition authorities,2 information security classifications and a records culture are in place, in order to ensure records from business systems can be appropriately managed 1.2 Audience The primary audience for this document is staff responsible for designing, reviewing and/or implementing business systems in organisations, such as business analysts A formal instrument that defines the retention periods and consequent actions authorised for classes of records described in the authority Copyright International Organization for Standardization Provided by IHS under license with ISO No reproduction or networking permitted without license from IHS © ISO 2010 – All rights reserved Not for Resale